From b4618d133f473b9bbc36f2a5e94b8b0f257ba3e0 Mon Sep 17 00:00:00 2001 From: Radovan Sroka Date: Fri, 5 Aug 2022 14:49:30 +0200 Subject: [PATCH] Add mention that using of names requires name resolution - using of user and group names as uid and gid attributes requires correct name resolution Signed-off-by: Radovan Sroka --- README.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/README.md b/README.md index d932e00..abc5eee 100644 --- a/README.md +++ b/README.md @@ -131,6 +131,12 @@ You can similarly do this for trusted users that have to execute things in the home dir. You can create a trusted_user group, add them the group, and then write a rule allowing them to execute from their home dir. +When you want to use user or group name (as a string). You have to guarantee +that these names were correctly resolved. In case of systemd, you need to add +a new after target 'After=nss-user-lookup.target'. +To achieve that you can use `systemctl edit --full fapolicyd`, +uncomment the respective line and save the change. + ``` allow perm=any gid=trusted_user : ftype=%languages dir=/home deny_audit perm=any all : ftype=%languages dir=/home